An important aspect of security in computers and computing systems is authentication of the identity of a user. Strong user authentication often employs multifactor authentication, which may require a password, a mechanical token such as a smart card or USB token, and/or recognition of a distinctive biological token of the user such as a fingerprint, a facial pattern, or a retinal pattern. Multifactor authentication typically requires use of specific subsystems such as a card reader, a camera, a fingerprint sensor, and a retinal scanner that an operating system or application requiring user authentication can access. Unfortunately, the communications between authentication subsystems and an operating system or application are subject to attack and impersonation. This has required manufacturers to add security capabilities in each authentication subsystem. For example, a fingerprint sensor may need the ability to provide tamper resistance against replay attacks, man-in-the-middle attacks, and unauthorized modifications of matchers and templates (both in transit and in storage). The addition of security capabilities generally increases the complexity and cost of authentication subsystems. A side effect of the increased complexity is that authentication subsystems from different manufacturers differ from one another, which makes it more difficult to produce a computing system that works with authentication subsystems from different manufacturers. Further, even with additional levels of security, authentication subsystems may still have vulnerabilities to attacks through malware, Trojans, and viruses, so that the subsystems are still not highly secure.
In the past, applications often needed extensive modification to take advantage of various authentication tokens such as a smart card, fingerprints, or a facial pattern. Systems and methods are needed to increase the security of user authentication while delivering lower cost and greater flexibility.
Use of the same reference symbols in different figures indicates similar or identical items.